lol. this was a pesky bug. heuristic wasn't working on one mssql test site and i couldn't find why. at end the problem was that when the HTTP code was raised (like 500) no parseResponse was called.

2026-01-21 21:59:20 +00:00 · 2010-12-22 19:12:46 +00:00
parent 7c06dbffc3
commit 8fc60215ed
3 changed files with 4 additions and 1 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -444,7 +444,8 @@ def heuristicCheckSqlInjection(place, parameter, value):

    payload = "%s%s%s%s" % (value, prefix, randomStr(length=10, alphabet=['"', '\'', ')', '(']), suffix)
    payload = agent.payload(place, parameter, value, payload)
-    page, _ = Request.queryPage(payload, place, content=True, raise404=False)
+    Request.queryPage(payload, place, content=False, raise404=False)
+
    result = wasLastRequestDBMSError()

    infoMsg  = "heuristic test shows that %s " % place